Problem with Gitleaks an RetryCurrentTransaction.xaml

Help Studio
, ,
1

Hello.
My company installed gitleaks.
Now i can´t push or commit my changes from UiPath Studio in every process with REFramework.

in GIT BASH came the following hint (one example):

remote: ○
remote: │╲
remote: │ ○
remote: ○ ░
remote: ░ gitleaks
remote:
remote: Finding: …ture=neutral, PublicKeyToken=b77a5c561934e089" xmlns:s2="clr-names…
remote: Secret: b77a5c561934e089
remote: RuleID: generic-api-key
remote: Entropy: 3.625000
remote: File: Framework/RetryCurrentTransaction.xaml
remote: Line: 1
remote: Commit: 376c943e81407a65cacc8a9de97ce899ef9d2606
remote: Author: XXXXXX
remote: Email: XXXXXX
remote: Date: 2022-11-23T21:50:47Z
remote: Fingerprint: 376c943e81407a65cacc8a9de97ce899ef9d2606:Framework/RetryCurrentTransaction.xaml:generic-api-key:1

Can everyone give me an sollution?
Thanx

3

Hi @CrazyBeatnut

Are there any rules set in your git leaks to avoid push of code?

cheers

4

Hi @Anil_G
No simple code can be pushed.
There are rules to find secrets in code - and in REFramework it seams there are secrets “PubblicKeyToken”…

5

Hi @CrazyBeatnut

I looked up and saw there are few public keys only in retry transaction …

Create a backup and open the retry transaction xaml in a notepad and remove the lines starting from

image
image1015×108 8.62 KB

to the next starting where you see public key.Most of those are generic ones

I did remove and checked and I dint find any issue in running

Try removing and run the code…If it works then you should be able to upload it

But yes retry transaction has few publickeys…Check if you can disable them

Or Try re creating only the retry xaml and use that in place of the current

cheers

1 Like
6

Hi @Anil_G
Thank you very much.
After remove the line everyting was ok.

But i found an second way.
i generated a file ‘.gitleaks.toml’ in the root of my project with following text:

GitHub - zricethezav/gitleaks: Protect and discover secrets using Gitleaks 🔑

This is a global allowlist which has a higher order of precedence than rule-specific allowlists.

If a commit listed in the commits field below is encountered then that commit will be skipped and no

secrets will be detected for said commit. The same logic applies for regexes and paths.

[allowlist]
description = “global allow list”
paths = [
‘’‘RetryCurrentTransaction.xaml’‘’,
]

Then commit, push and merge will do what i want - the file will be ignored.
But your way ist the better one.
Thanx!

1 Like
8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.